#CyberFLASH: Prepare for threat of quantum computing to encrypted data, Canadian conference told

The race to create new cryptographic standards before super-fast quantum computers are built that can rip apart data protected by existing encryption methods isn’t going fast enough, two senior Canadian officials have warned a security conference.

“I think we are already behind,” Scott Jones, deputy chief of IT security at the Communications Security Establishment (CSE), responsible for securing federal information systems, told the fourth annual international workshop on quantum-safe cryptography in Toronto on Monday.

Quantum computing – or more accurately, computers that use quantum mechanics – is not a dream, Jones and others told the conference of business executives, crypto academics, IT companies and government officials. One prediction is there’s a one in seven chance that by 2026 a quantum computer will exist that can break RSA-2048 encryption. It may take longer — or, if there’s an advance, shorter.

“Quantum represents a fundamental change and challenge to encryption for all of us,” Jones said, noting that encrypted transactions are the backbone of security and trust on the Internet.

His comments were backed by David Sabourin, CSE’s manager of cryptographic security, who said that if the 2026 prediction is right “we’re in trouble.” Speaking on a panel of government experts, Sabourin noted the U.S.-based National Institute of Standards and Technology (NIST) will close its call for proposed new and more quantum-secure public key encryption algorithms next year. Then it will take a couple of years of review, which means products that can use new crypto standards might be released in 2025 – and then start to be implemented around the world. So 2026 will be “messy,” he concludes, with organizations rushing to install new solutions.